FreeBSD -- Kernel memory disclosure in firewire(4)

Description

Problem Description:
In the FW_GCROM ioctl, a signed integer comparison is used
instead of an unsigned integer comparison when computing the
length of a buffer to be copied from the kernel into the
calling application.
Impact:
A user in the "operator" group can read the contents of
kernel memory. Such memory might contain sensitive
information, such as portions of the file cache or terminal
buffers. This information might be directly useful, or it
might be leveraged to obtain elevated privileges in some way;
for example, a terminal buffer might include a user-entered
password.
Workaround:
No workaround is available, but systems without IEEE 1394
("FireWire") interfaces are not vulnerable. (Note that
systems with IEEE 1394 interfaces are affected regardless of
whether any devices are attached.)
Note also that FreeBSD does not have any non-root users in
the "operator" group by default; systems on which no users
have been added to this group are therefore also not
vulnerable.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017